[AccessD] Wordpress, Blogs and sidebars

Bryan Carbonnell carbonnb at gmail.com
Sun Oct 29 08:55:40 CDT 2017


For the WP core, there is only a select group that can actually commit.

From https://make.wordpress.org/core/handbook/contribute/:
Committers are a type of WordPress contributor who has earned the
trust of the community and been given the keys to “commit” code to
WordPress core. Committers use their judgement to commit their own
code as well as code from other contributors.

So how do you know they aren't hackers? You may not, but the WP
community doesn't think they are, otherwise they would never have been
given the key to commit in the first place.

For plugins and themes, you don't. Using popular themes and plugins
will minimize the risks, because if they are bad/spam/hacking vectors
they won't last long in the official plugin/theme repositories.
That being said, here's an article detailing how a bad actor bought
popular plugins and turned them into spam-producing plugins.
https://www.wordfence.com/blog/2017/09/coordinated-plugin-spam/

Unless you want to roll-your-own web CMS (with all the nightmare that
that entails), there is no way to be certain about anything. Knowledge
and trust go a long way though. Having a good security solution for
your WP installation helps considerably. As does having good backups
just in case.

B

On 27 October 2017 at 18:28, John Colby <jwcolby at gmail.com> wrote:
> I have to say that 1200 commits by 40 people in two weeks makes me uneasy.
> Is there a defined process to review the new code before it is committed?
> How do I know that one of the "active contributors" is not a hacker
> inserting back doors into the codebase?  Just because something is open
> source does not mean anyone is watching.  Development at that speed is
> absolutely possible.  Doing a thorough code review at that speed is less
> likely.
>
> In the eighties I was the author of code and participated in reviews.  The
> author, reader and scribe all looked over the code. The author explained,
> line by line what the reader was reading. The scribe watched and wrote down
> any questions or change requirements.  Wash, rinse, repeat until all three
> were satisfied.
>
>
>
> On 10/27/2017 3:59 PM, Jim Lawrence wrote:
>>
>> One WP teacher at the local college has been web designing since 1998 and
>> she says there is still more to know. As an Open Source product, it evolves
>> daily.
>>
>> Aside: If you check the WP Github site you will see that it has had over
>> 1,200 commits in just two weeks via over 40 currently active contributors.
>> WP is not unstable but it is advancing at an incredible speed.
>>
>> If WordPress mystifies you, you are in good company. :-)
>>
>> Jim
>>
>> ----- Original Message -----
>> From: "Arthur Fuller" <fuller.artful at gmail.com>
>> To: "Access Developers discussion and problem solving"
>> <accessd at databaseadvisors.com>
>> Sent: Friday, October 27, 2017 11:17:56 AM
>> Subject: Re: [AccessD] Wordpress, Blogs and sidebars
>>
>> I too am wandering down this path and am much mystified as to how it all
>> works. Plogging along as best I can but it is not easy.
>>
>> A.
>>
>> On Oct 27, 2017 1:49 PM, "Jim Lawrence" <accessd at shaw.ca> wrote:
>>
>>> Hi John:
>>>
>>> I think you have taken the right course to create a good web presence as
>>> most of the world's most common CMS. It is so popular that all the other
>>> similar programs, collectively have less users than WP.
>>>
>>> Which theme did you decide to buy?
>>>
>>> I have worked with WP for a time but am hardly an expert...Bryan may be a
>>> good resource. I do have two excellent partners though, Mr and Mrs Google
>>> and Github is your friend.
>>>
>>> It sounds like you have some very exciting projects planned. You must
>>> keep us all posted.
>>>
>>> Aside: As WP is the most popular application of its type, its attack
>>> vector is huge. There are some very good articles on security, use them
>>> and as one fellow said, "Remember, always PYS". There are thousands of
>>> great plugs but there are hundreds of badly designed inserts so
>>> "caution" is the word of the day. (My wife has a WP website and it took
>>> six months to rid ourselves of one persistent script-kiddie and it all
>>> came down to one bad plugin.)
>>>
>>> Jim
>>>
>>> ----- Original Message -----
>>> From: "John Colby" <jwcolby at gmail.com>
>>> To: "Access Developers discussion and problem solving" <
>>> accessd at databaseadvisors.com>
>>> Sent: Monday, October 23, 2017 5:20:32 PM
>>> Subject: [AccessD] Wordpress, Blogs and sidebars
>>>
>>> So guys, I am trying to bring my web site back.  I decided to use Word
>>> Press.  Too late to argue, it's paid for.  Now I need help of course.
>>>
>>> I got it installed, and I am writing two blogs (more in the future).
>>> When I say "two blogs", I mean blogs on two different subjects, one is
>>> moving my blog from BlogSpot for Access classes. The other is moving the
>>> tale of Sweet Allie Bluebeard, i.e. my sailing adventure when I bought
>>> my boat.
>>>
>>> I am able to write blog entries however they just appear as a long list
>>> of blog titles, which can be clicked on to read the specific blog entry
>>> or  article.  What I want is a tree structure which allows me to have a
>>> sidebar (or something) which holds a tree kinda thing and the branches
>>> are hot links to the individual pages.  Seems like something every
>>> blogger would wish for.
>>>
>>> Well maybe but I am not discovering how to just do it in WP.  So if
>>> there are any WP gurus (NOT Word Perfect!;) that would like to hold my
>>> hand through getting this set up, please contact me off line.
>>>
>>> Thanks,
>>>
>>> --
>>> John W. Colby
>>>
>>> --
>>> AccessD mailing list
>>> AccessD at databaseadvisors.com
>>> http://databaseadvisors.com/mailman/listinfo/accessd
>>> Website: http://www.databaseadvisors.com
>>>
>
> --
> John W. Colby



-- 
Bryan Carbonnell - carbonnb at gmail.com
Life's journey is not to arrive at the grave safely in a
well-preserved body, but rather to skid in sideways, totally worn out,
shouting "What a great ride!"


